You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by co...@apache.org on 2017/08/04 11:12:13 UTC
ranger git commit: Remove deprecated and unused code from the HBase
plugin
Repository: ranger
Updated Branches:
refs/heads/master 1befffcc1 -> 93c900c34
Remove deprecated and unused code from the HBase plugin
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/93c900c3
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/93c900c3
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/93c900c3
Branch: refs/heads/master
Commit: 93c900c346cdac33e268c2e76e2f37568cc1c7f3
Parents: 1befffc
Author: Zsombor Gegesy <gz...@gmail.com>
Authored: Sat Jul 22 23:36:06 2017 +0200
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Aug 4 12:04:02 2017 +0100
----------------------------------------------------------------------
.../hbase/RangerAuthorizationCoprocessor.java | 15 --------
.../hbase/RangerAuthorizationFilter.java | 9 ++---
.../hbase/RangerAuthorizationFilterTest.java | 38 +++++++++++++-------
3 files changed, 30 insertions(+), 32 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
index fc1db46..da73c67 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationCoprocessor.java
@@ -21,11 +21,8 @@ import java.io.IOException;
import java.net.InetAddress;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Calendar;
import java.util.Collection;
import java.util.Collections;
-import java.util.Date;
-import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -34,7 +31,6 @@ import java.util.List;
import java.util.Map;
import java.util.NavigableSet;
import java.util.Set;
-import java.util.TimeZone;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.logging.Log;
@@ -122,8 +118,6 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
private static final String WILDCARD = "*";
private static final String NAMESPACE_SEPARATOR = ":";
- private static final TimeZone gmtTimeZone = TimeZone.getTimeZone("GMT+0");
-
private RegionCoprocessorEnvironment regionEnv;
private Map<InternalScanner, String> scannerOwners = new MapMaker().weakKeys().makeMap();
@@ -1170,15 +1164,6 @@ public class RangerAuthorizationCoprocessor extends RangerAuthorizationCoprocess
requirePermission("preCleanupBulkLoad", Permission.Action.WRITE, ctx.getEnvironment(), cfs);
}
- public static Date getUTCDate() {
- Calendar local=Calendar.getInstance();
- int offset = local.getTimeZone().getOffset(local.getTimeInMillis());
- GregorianCalendar utc = new GregorianCalendar(gmtTimeZone);
- utc.setTimeInMillis(local.getTimeInMillis());
- utc.add(Calendar.MILLISECOND, -offset);
- return utc.getTime();
- }
-
@Override
public void grant(RpcController controller, AccessControlProtos.GrantRequest request, RpcCallback<AccessControlProtos.GrantResponse> done) {
boolean isSuccess = false;
http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
index 0254100..4006afc 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilter.java
@@ -28,6 +28,7 @@ import com.google.common.base.Objects;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.hbase.Cell;
+import org.apache.hadoop.hbase.CellUtil;
import org.apache.hadoop.hbase.filter.FilterBase;
import org.apache.hadoop.hbase.util.Bytes;
import org.apache.ranger.audit.model.AuthzAuditEvent;
@@ -55,7 +56,6 @@ public class RangerAuthorizationFilter extends FilterBase {
_session.auditHandler(_auditHandler);
}
- @SuppressWarnings("deprecation")
@Override
public ReturnCode filterKeyValue(Cell kv) throws IOException {
@@ -64,7 +64,7 @@ public class RangerAuthorizationFilter extends FilterBase {
}
String family = null;
- byte[] familyBytes = kv.getFamily();
+ byte[] familyBytes = CellUtil.cloneFamily(kv);
if (familyBytes != null && familyBytes.length > 0) {
family = Bytes.toString(familyBytes);
if (LOG.isDebugEnabled()) {
@@ -72,8 +72,9 @@ public class RangerAuthorizationFilter extends FilterBase {
}
}
String column = null;
- if (kv.getQualifier() != null && kv.getQualifier().length > 0) {
- column = Bytes.toString(kv.getQualifier());
+ byte[] qualifier = CellUtil.cloneQualifier(kv);
+ if (qualifier != null && qualifier.length > 0) {
+ column = Bytes.toString(qualifier);
if (LOG.isDebugEnabled()) {
LOG.debug("filterKeyValue: evaluating column[" + column + "].");
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/93c900c3/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java
index 48b8a17..e009347 100644
--- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java
+++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/RangerAuthorizationFilterTest.java
@@ -19,7 +19,7 @@
package org.apache.ranger.authorization.hbase;
import static org.junit.Assert.assertEquals;
-import static org.mockito.Matchers.anyString;
+import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -33,7 +33,6 @@ import org.apache.hadoop.hbase.Cell;
import org.apache.hadoop.hbase.filter.Filter.ReturnCode;
import org.junit.Test;
-@SuppressWarnings("deprecation")
public class RangerAuthorizationFilterTest {
@Test
@@ -61,43 +60,56 @@ public class RangerAuthorizationFilterTest {
Cell aCell = mock(Cell.class);
// families with know denied acess
for (String family : deniedFamilies) {
- when(aCell.getFamily()).thenReturn(family.getBytes());
+ setFamilyArray(aCell, family.getBytes());
+ setQualifierArray(aCell, new byte[0]);
assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell));
}
// family that isn't in allowed and if cell does not have column then it should be denied
- when(aCell.getFamily()).thenReturn("family7".getBytes());
- when(aCell.getQualifier()).thenReturn(null);
+ setFamilyArray(aCell, "family7".getBytes());
+ setQualifierArray(aCell, new byte[0]);
assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell));
// families with known partial access
for (String column : family7KnowGoodColumns ) {
- when(aCell.getQualifier()).thenReturn(column.getBytes());
+ setQualifierArray(aCell, column.getBytes());
assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell));
}
- when(aCell.getFamily()).thenReturn("family8".getBytes());
+ setFamilyArray(aCell, "family8".getBytes());
for (String column : family8KnowGoodColumns ) {
- when(aCell.getQualifier()).thenReturn(column.getBytes());
+ setQualifierArray(aCell, column.getBytes());
assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell));
}
// try some columns that are not in the cache
for (String column : new String[] { "family8-column3", "family8-column4"}) {
- when(aCell.getQualifier()).thenReturn(column.getBytes());
+ setQualifierArray(aCell, column.getBytes());
assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell));
}
// families with known allowed access - for these we need to doctor up the session
when(session.isAuthorized()).thenReturn(true);
for (String family : allowedFamilies) {
- when(aCell.getFamily()).thenReturn(family.getBytes());
- when(aCell.getQualifier()).thenReturn("some-column".getBytes());
+ setFamilyArray(aCell, family.getBytes());
+ setQualifierArray(aCell, "some-column".getBytes());
assertEquals(ReturnCode.INCLUDE, filter.filterKeyValue(aCell));
}
when(session.isAuthorized()).thenReturn(false);
for (String family : indeterminateFamilies) {
- when(aCell.getFamily()).thenReturn(family.getBytes());
- when(aCell.getQualifier()).thenReturn("some-column".getBytes());
+ setFamilyArray(aCell, family.getBytes());
+ setQualifierArray(aCell, "some-column".getBytes());
assertEquals(ReturnCode.NEXT_COL, filter.filterKeyValue(aCell));
}
}
+ private void setFamilyArray(Cell aCell, byte[] familyArray) {
+ when(aCell.getFamilyArray()).thenReturn(familyArray);
+ when(aCell.getFamilyLength()).thenReturn((byte) familyArray.length);
+ when(aCell.getFamilyOffset()).thenReturn(0);
+ }
+
+ private void setQualifierArray(Cell aCell, byte[] qualifierArray) {
+ when(aCell.getQualifierArray()).thenReturn(qualifierArray);
+ when(aCell.getQualifierLength()).thenReturn(qualifierArray.length);
+ when(aCell.getQualifierOffset()).thenReturn(0);
+ }
+
AuthorizationSession createSessionMock() {
AuthorizationSession session = mock(AuthorizationSession.class);
when(session.column(anyString())).thenReturn(session);